Month: July 2013

We’ve recently been told quite a lot about the activities of the US National Security Agency in monitoring internet communications. Much of it could be described as “stuff you might have feared, but that’s a bit depressing to have confirmed”.

For people outside the US, one perhaps surprising thing is that the US government seems happy to say the NSA’s surveillance programmes are OK because they are only aimed at non-Americans.

It involves extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted.

Blanket orders from the secret surveillance court allow these communications to be collected without an individual warrant if the NSA operative has a 51% belief that the target is not a US citizen and is not on US soil at the time.

For people outside the US who have been encouraged over many years to use American internet and cloud-hosting companies, it comes as a bit of a surprise not just that the US government feels this way but that it is so unashamed about it.

Although the details about NSA snooping are new(ish), this principle isn’t a new one. It turns out it’s normal for constitutional safeguards not to apply to non-Americans, even when they are using the services of US companies. A current case:

Chevron… is asking Google, Yahoo, and Microsoft, which owns Hotmail, to cough up the email data. When Lewis Kaplan, a federal judge in New York, granted the Microsoft subpoena last month, he ruled it didn’t violate the First Amendment because Americans weren’t among the people targeted.

Now this one has nothing to do with the NSA; it’s about gathering evidence for a court case. The only reason it is considered news is because the opposition argues that the hosting service didn’t know for sure that its users were not Americans.

This is so problematic not because the US necessarily behaves worse than any other country—I suspect it has better oversight in place, for its own citizens, than the UK—but because people like me from outside the US have got used to thinking of US-based hosting, services and companies as the norm in the Internet world.

This attitude long pre-dates pervasive cloud computing. Hotmail, the example above, has been one of the world’s most popular email hosting providers for around 15 years, with (I’m guessing) a couple of hundred million users outside the US.

But it’s quite a problem now that cloud hosting is routinely used to store business data and private documents. And it seems obviously problematic for EU-based businesses, which have a legal obligation to follow data protection rules that presumably don’t include sending their customer data off to a country whose government is unapologetic about taking a copy of it, just in case.

America

I’ve been a bit prickly about the USA and Americans a fewtimes before on this blog. That prickliness has the same cause: I’m sensitive about having become so dependent on American companies and attitudes myself. I have grown used to engaging with American companies, working methods, and laws, almost more than those of my own country, and certainly more than those of other European countries. That has a lot to do with the USA’s historical reputation as a stable, reliable democracy with visible workings, answerable to a relatively incorruptible legal system.

But this dependency increasingly seems just perverse.

I have become used to giving all my personal and business records to companies that have promised to make it all available to a spy agency run by a foreign government that openly declares it has no interest at all in my rights.